dcodeIO / bcrypt.js

Optimized bcrypt in plain JavaScript with zero dependencies.

[Question] Difference between bcrypt and bcryptjs #95

Closed lonix1 closed 5 years ago

lonix1 commented 5 years ago

I understand the difference between the bcrypt and bcryptjs libraries is that one is pure JS and the other binds to native C++ libraries.

I've read that one should choose the fastest of the slowest algorithm. Both are bcrypt and one is slower because it's pure JS. So which is "more secure"?

And is it possible to run it so it doesn't bog down the main node thread, as I understand that it's a sync function?

jbrosi commented 5 years ago

If it's the same algorithm, the fastest is the best, because you can do more rounds/iterations and therefore increase security. If you go for the slow variant, you might be able to do fewer rounds, so hackerz have an easier time breaking it (as it's the same algorithm, they can use the faster variant :)).

For the sync question: there's also an async method available, see https://github.com/dcodeIO/bcrypt.js#usage---async. However, it still runs in the main thread. You can spawn a sub-process / worker and do the operation there if you don't want to have any impact on the main thread.